Recording of scrambled digital data

ABSTRACT

A system for transmitting and recording digital data is included. Further, a system for transmitting transmit scrambled audio data that is to be recorded on a mini disc reader is included. A system for transmission and recording of digital data includes transmission means adapted to prepare and transmit scrambled digital data together with at least one encrypted control word and a digital recording device adapted to receive and record the scrambled digital data and encrypted control word on a digital support. The digital recording device further includes an access control means adapted to decrypt the control word and thereafter descramble the digital data during playback.

The present invention relates to a method and apparatus for transmissionand recording of scrambled digital data, for example broadcast audioand/or visual data.

Transmission of scrambled or encrypted digital data is well-known in thefield of pay. TV systems, where scrambled audiovisual information isbroadcast e.g. by satellite to a number of subscribers, each subscriberpossessing a decoder or receiver/decoder capable of descrambling thetransmitted program for subsequent viewing.

In a typical conditional access system for pay TV, scrambled digitaldata is transmitted together with a control word for descrambling thedigital data, the control word itself being encrypted by a first key andtransmitted in encrypted form in an ECM message. The scrambled digitaldata and encrypted code word are received by a decoder possessing anequivalent of the first key necessary to decrypt the encrypted controlword and thereafter descramble the transmitted data. Usually, thecontrol word changes every 10-15 seconds. A paid-up subscriber willreceive on a monthly basis an EMM message including the exploitation keynecessary to decrypt the encrypted control words so as to permit viewingof the broadcast programs.

With the advent of digital technology, the quality of the transmitteddata has increased many times over. A particular problem associated withdigital quality data lies in its ease of reproduction. Where adescrambled program is passed via an analogue link (e.g. the “Peritel”link) for viewing and recording by a standard VCR the quality remains nogreater than that associated with a standard analogue cassetterecording. The risk that such a recording may be used as a master tapeto make pirate copies is thus no greater than with a standardshop-bought analogue cassette.

By way of contrast, any descrambled digital data passed by a directdigital link to one of the new generation of digital recording devices(for example, a DVHS recorder) will be of the same quality as theoriginally transmitted program. It may thus be reproduced any number oftimes without any degradation of image or sound quality. There istherefore a considerable risk that the descrambled data will be used asa master recording to make pirate copies, either further digital copiesor even simple analogue VHS copies.

PCT/US97/07981, which represents the closest prior art document,discloses a system of copyright control, in which authorisation messagesare included with a broadcast program. A receiver/decoder makes adecision to record the program or not based on this message, the programusually being recorded in clear on the video cassette. The systemoperates in parallel with a conventional conditional access system andin all embodiments the transmitted scrambled program is descrambled inthe decoder before being recorded.

EP 0763936 discloses another method of copyright control, again using asystem of authorisation messages in parallel with a conventional accesscontrol system. In order to permit replaying of a scrambled recordingafter the end of a subscription month (and a subsequent change inexploitation key), the system stores that month's EMM message in thesmart card of the decoder. This may lead to significant informationstorage problems in the smart card.

It is an object of the present invention to enable a secure system fortransmission and recordal of data permitting authorised recording oftransmitted digital data, whilst minimising the risk of pirate copies ofsuch recordings being made by unauthorised third parties and avoidingthe problems with the known systems.

According to the present invention there is provided a system fortransmission and recording of digital data, comprising a transmissionmeans adapted to prepare and transmit at least one control wordencrypted by a first key together with digital data scrambled by thatcontrol word characterised in further comprising a digital recordingdevice adapted to receive and record the transmitted scrambled digitaldata together with the encrypted control word on a digital support, thedigital recording device further including an access control unitadapted to decrypt the control word and thereafter descramble thedigital data during playback.

In this way, the data in question will be recorded in the scrambled formin which it was transmitted directly on the digital support medium, andmay only be accessed thereafter in conjunction with the recording deviceand associated access control unit, thereby providing a secure systemfor recordal whilst avoiding the problems with the known methods.

The access control unit may be permanently integrated in the recordingdevice. However, in some embodiments it may be envisaged that the accesscontrol unit is incorporated in a discrete module, for example as asmart card on SIM card, insertable in the recording device to permitdecryption and descrambling of the recorded data upon playback.

Whilst the recording device may include the means necessary to receivethe transmitted digital data, the system may also comprise a separatereceiver/decoder adapted to receive the transmitted digital data andencrypted code word and to communicate this information to the recordingdevice for subsequent recordal.

In this embodiment, the receiver/decoder may be a standard type as knownfrom the field of digital television broadcast and adapted to receivebroadcast audio and/or visual data (scrambled and in clear) as well asdata sent, for example, via a modem link to the receiver/decoder. Thereceiver/decoder may also be integrated with other devices such asdigital television, DVHS recorder etc.

Broadly speaking, the system may function in two possible modes ofoperation; a cyclical transmission mode and a transmission on demandmode. In the case of a cyclical transmission mode, the transmissionmeans is adapted to repetitively transmit the scrambled digital data andencrypted code word.

In such a mode, the control word for the data is preferably encrypted bya first key associated with the identity of the data being transmitted.For example, in the case where a number of pieces of music are beingtransmitted in a repeating cycle, the control word or words needed todescramble the data for each recording are encrypted by a key specificto that particular piece of music. The number of control words neededmay depend on the length of the piece of music.

The equivalent of the key needed to decrypt the control word may becommunicated to the access control means in a number of ways, forexample, simply by transmission “in clear” over a telephone network orthe like. Preferably, however, the first key is encrypted by a secondkey before communication to the access control unit.

In such an embodiment, the system may further comprise a key encryptionapparatus adapted to encrypt the equivalent first key by a second keybefore communication to the recording device, the access control unitpossessing an equivalent of the second key so as to permit thedecryption of the first key and, thereafter, the decryption of thecontrol word and subsequent descrambling of the transmitted data

The key encryption apparatus may be integrated with the transmissionmeans and the associated circuitry for scrambling the transmission etc.However, it may equally be associated with a separate database andserver containing a list of keys associated with each access controlmeans and recording device.

In the case where the system comprises a receiver/decoder unit, thereceiver/decoder unit may be adapted to request a first key from the keyencryption apparatus, the key encryption apparatus thereaftertransmitting the encrypted first key to the receiver/decoder forsubsequent communication to the recording device and access controlmodule.

For example, the key encryption apparatus may respond to a requestreceived from the receiver/decoder via a modem channel by returninginformation on this channel. Alternatively, the information may becommunicated to the transmission means for subsequent communication, forexample, in a broadcast transmission.

The above cyclical transmission embodiments have been discussed inparticular in relation to systems in which the key used to encrypt thecontrol word is directly associated with the identity of the data e.g.the particular piece of music or audiovisual programme transmitted.

In an alternative embodiment, the same first key is used to encrypt thecontrol word or words associated with a plurality of sets of data Forexample, all programmes or songs transmitted during a particular periodof time, such as during a month's subscription, may use the same firstencryption key to encrypt control word data.

Similarly, whilst the first key is normally sent in response to arequest from a user, in one embodiment the first key is repetitivelytransmitted by the transmission means in a message encrypted by a secondkey.

The verification that the user or subscriber has sufficient rights toreceive and record, for example, a month's worth of data may be handledupstream at the transmission. Only those subscribers having paid thenecessary subscription will receive the key for that month, as encryptedby their personalised second key and sent by the transmission means.

In addition, in some embodiments, the access control module may furtherinclude a credit unit for controlling the number of recordings made bythe recorder and/or the number of times a recording is replayed, forexample, during a month's worth of credit In this case, a number ofcredits may be communicated, for example, together with the first keyinformation to the recorder device each month, each recording resultingin the reduction of a credit held by the recording device.

The above embodiments have been discussed in relation to a cyclical modeof transmission. In an alternative on-demand mode, the transmissionmeans responds to a real-time request to transmit the scrambled digitaldata and encrypted control word.

Whilst being more complicated to manage in terms of the receivedrequests, the on-demand embodiment may permit a simplification of theencryption process. In particular, in one embodiment, the control wordis directly encrypted by a first key associated with the identity of theaccess control unit, the access control unit possessing an equivalent ofthis key to permit the decryption of the control word and subsequentdescrambling of the data.

The real-time request may be communicated to the transmission means by areceiver/decoder connected to the recording device. Alternatively, arequest may be made by telephone, minitel etc.

The transmission means may be adapted to transmit data to the recordervia any number of communication channels, for example, via a fixedtelecommunications network. However, the invention is particularlyapplicable to broadcast transmission of primarily audiovisual ormultimedia digital data, notably audio data. The present invention mayalso be used in conjunction with many types of digital recordingdevices.

In one preferred embodiment, the transmission means is adapted totransmit digital audio data In such an embodiment, the recording devicemay conveniently comprise a mini disc recorder adapted to include accesscontrol means as described above.

The present invention equally extends to a recording device for use in asystem as described above and a method of transission and recording ofscrambled data.

The terms “scrambled” and “encrypted” and “control word” and “key” havebeen used at various parts in the text for the purpose of clarity oflanguage. However, it will be understood that no fundamental distinctionis to be made between “scrambled data” and “encrypted data” or between a“control word” and a “key”. Similarly, the term “equivalent key” is usedto refer to a key adapted to decrypt data encrypted by a first mentionedkey, or vice versa. Unless obligatory in view of the context or unlessotherwise specified, no general distinction is made between keysassociated with symmetric algorithms such as DES and those associatedwith public/private algorithms such as RSA.

The term “receiver/decoder” or “decoder” used herein may connote areceiver for receiving either encoded or non-encoded signals, forexample, television and/or radio signals, which may be broadcast ortransmitted by some other means. The term may also connote a decoder fordecoding received signals. Embodiments of such receiver/decoders mayinclude a decoder integral with the receiver for decoding the receivedsignals, for example, in a “set-top box”, such a decoder functioning incombination with a physically separate receiver, or such a decoderincluding additional functions, such as a web browser or integrated withother devices such as a video recorder or a television.

Similarly, the term “digital recording device” may designate anysuitable device adapted for recording digital data, notably audio and/orvisual data, such as DAT machine, a DVD recorder, a DVHS recorder, amini disc recorder etc.

As used herein, the term “transmission means” includes any transmissionsystem for transmitting or broadcasting for example primarilyaudiovisual or multimedia digital data. Whilst the present invention isparticularly applicable to broadcast digital audio or televisionsystems, the invention may also be applicable to a fixedtelecommunications network for multimedia internet applications, to aclosed circuit television, and so on.

In the case of a broadcast audio or television system, the transmissionroute may include satellite, terrestrial, cable or other medium.

Other general and preferred features of the various aspects of theinvention will be apparent from the description of the various exemplaryembodiments. In this regard, there will now be described, by way ofexample only, a number of embodiments of the present invention, withreference to the attached figures, in which:

FIG. 1 shows an overview of a digital television system adaptable foruse in the present invention;

FIG. 2 shows the elements of the receiver/decoder of FIG. 1;

FIG. 3 shows a first embodiment of the invention including a recordingdevice for recording transmitted scrambled data;

FIG. 4 shows the recorded data associated with the embodiment of FIG. 3;

FIG. 5 shows a second embodiment of the invention adapted to use theprinciple of a series of prepaid tokens;

FIG. 6 shows the recorded data associated with the embodiment of FIG. 5;

FIG. 7 shows a third embodiment of the embodiment in which data issupplied on demand; and

FIG. 8 shows the recorded data associated with the embodiment of FIG. 7.

In the embodiments of FIGS. 3 to 8, the present invention will bediscussed in relation to the broadcast transmission of scrambled dataand its subsequent recordal. A digital television system and decoder foruse in such a context will now be described in relation to FIGS. 1 and2.

An overview of a digital television system 1 according to the presentinvention is shown in FIG. 1. The invention includes a mostlyconventional digital television system 2 that uses the known MPEG-2compression system to transmit compressed digital signals. In moredetail, MPEG-2 compressor 3 in a broadcast centre receives a digitalsignal stream (typically a stream of video signals). The compressor 3 isconnected to a multiplexer and scrambler 4 by linkage 5.

The multiplexer 4 receives a plurality of further input signals,assembles the transport stream and transmits compressed digital signalsto a transmitter 6 of the broadcast centre via linkage 7, which can ofcourse take a wide variety of forms including teleconmnunications links.The transmitter 6 transmits electromagnetic signals via uplink 8 towardsa satellite transponder 9, where they are electronically processed andbroadcast via notional downlink 10 to earth receiver 12, conventionallyin the form of a dish owned or rented by the end user. The signalsreceived by receiver 12 are transmitted to an integratedreceiver/decoder 13 owned or rented by the end user and connected to theend user's television set 14. The receiver/decoder 13 decodes thecompressed MPEG-2 signal into a television signal for the television set14.

Other transport channels for transmission of the data are of coursepossible, such as terrestrial broadcast, cable transmission, combinedsatellite/cable links, telephone networks etc.

In a multichannel system, the multiplexer 4 handles audio and videoinformation received from a number of parallel sources and interactswith the transmitter 6 to broadcast the information along acorresponding number of channels. In addition to audiovisualinformation, messages or applications or any other sort of digital datamay be introduced in some or all of these channels interlaced with thetransmitted digital audio and video information.

A conditional access system 15 is connected to the multiplexer 4 and thereceiver/decoder 13, and is located partly in the broadcast centre andpartly in the decoder. It enables the end user to access digitaltelevision broadcasts from one or more broadcast suppliers. A smartcard,capable of deciphering messages relating to commercial offers (that is,one or several television prograrnmes sold by the broadcast supplier),can be inserted into the receiver/decoder 13. Using the decoder 13 andsmartcard, the end user may purchase commercial offers in either asubscription mode or a pay-per-view mode.

As mentioned above, programmes transmitted by the system are scrambledat the multiplexer 4, the conditions and encryption keys applied to agiven transmission being determined by the access control system 15.Transmission of scrambled data in this way is well known in the field ofpay TV systems. Typically, scrambled data is transmitted together with acontrol word for descrambling of the data, the control word itself beingencrypted by a so-called exploitation key and transmitted in encryptedform in an ECM (Entitlement Control Message).

The scrambled data and encrypted control word are then received by thedecoder 13 having access to an equivalent of the exploitation key storedon a smart card inserted in the decoder to decrypt the encrypted ECM andcontrol word and thereafter descramble the transmitted data. A paid-upsubscriber will receive, for example, in a broadcast monthly EMM(Entitlement Management Message) the exploitation key necessary todecrypt the encrypted control word so as to permit viewing of thetransmission.

An interactive system 16, also connected to the multiplexer 4 and thereceiver/decoder 13 and again located partly in the broadcast centre andpartly in the decoder, enables the end user to interact with variousapplications via a modem back channel 17. The modem back channel mayalso be used for communications used in the conditional access system15. An interactive system may be used, for example, to enable the viewerto communicate immediately with the transmission centre to demandauthorisation to watch a particular event, download an application etc.

Referring to FIG. 2, the elements of the receiver/decoder 13 or set-topbox adapted to be used in the present invention will now be described.The elements shown in this figure will be described in terms offunctional blocks.

The decoder 13 comprises a central processor 20 including associatedmemory elements and adapted to receive input data from a serialinterface 21, a parallel interface 22, a modem 23 (connected to themodem back channel 17 of FIG. 1), and switch contacts 24 on the frontpanel of the decoder.

The decoder is additionally adapted to receive inputs from an infra-redremote control 25 via a control unit 26 and also possesses two smartcardreaders 27, 28 adapted to read bank or subscription smartcards 29, 30respectively. The subscription smartcard reader 28 engages with aninserted subscription card 30 and with a conditional access unit 29 tosupply the necessary control word to a demultiplexer/descrambler 30 toenable the encrypted broadcast signal to be descrambled. The decoderalso includes a conventional tuner 31 and demodulator 32 to receive anddemodulate the satellite transmission before being filtered anddemultiplexed by the unit 30.

Processing of data within the decoder is generally handled by thecentral processor 20. The software architecture of the central processormay correspond to that used in a known decoder and will not be describedhere in any detail. It may be based, for example, on a virtual machineinteracting via an interface layer with a lower level operating systemimplemented in the hardware components of the decoder. In terms of thehardware architecture, the decoder will be equipped with a processor,memory elements such as ROM, RAM, FLASH etc. as in known decoders.

In the case of received audio and video signals, and as will bedescribed in more detail below, the MPEG packets containing thesesignals will be demultiplexed and filtered so as to pass real time audioand video data in the form of a packetised elementary stream (PES) ofaudio and video data to dedicated audio and video processors or decoders33, 34. The converted output from the audio processor 33 passes to apreamplifier 35 and thereafter via the audio output of thereceiver/decoder. The converted output from the video processor 34passes via a graphic processor 36 and PAL/SECAM encoder 37 to the videooutput of the receiver/decoder.

The graphic processor 36 additionally receives graphic data for display(such as generated images etc) from the central processor 20 andcombines this information with information received from the videoprocessor 34 to generate a screen display combining moving imagestogether with overlaid text or other images.

In the case of received teletext and/or subtitle data, the conversion ofthe real time PES data to generate the appropriate images may also behandled by dedicated processors. However, in most conventional systems,this is handled by the general processor 20.

The system described above in relation to FIGS. 1 and 2 has been set outin relation to the broadcast and reception of television data. As willnow be described, the system is equally adaptable to the broadcast, forexample, of exclusively audio data, the decoder functioning in this caseas a digital radio receiver. In the examples of the various embodimentsof the invention that will now be described, the decoder functionslargely as a simple channel for reception and communication of data to arecording device. Data may also be communicated to the recording devicevia other networks, such as fixed telecom networks or the like.

Whilst the following description concentrates on recordal of audio data,the same principles may be easily applied to audiovisual or otherdigital multimedia data transmitted and received for example via thedecoder. Similarly, whilst the embodiment will be discussed inparticular in relation to a mini disc reader/recorder device, the sameprinciples may be applied to DVHS readers, CD ROM devices, etc. Thereceiver/decoder may itself integrate such recording devices.

Referring now to FIG. 3, the decoder 13 is connected, via a IEEE 1394bus 40 to a digital recording device 41, such as a mini disc reader,adapted to receive and record audio information received by the decoder13. The device 41 is further adapted to include an access control module42, the operation of which will be described in detail below. Thisaccess control module 42 corresponds in many ways to the smartcard andconditional access module 29 normally used to descramble broadcasttelevision transmissions. Specifically, encrypted audio data recorded ona digital recording support in the form of a mini disc 43 is descrambledby the access control module 42 and passed to an audio processor 44before eventual output to a pair of headphones or loudspeaker 45.

In view of the reduced data flow of audio data in comparison with a fullaudiovisual television signal, the access control module 42 can berealised in the form of a single chip containing all the elementsnecessary to receive a scrambled signal and output a clear signal,including the necessary cryptographic key or keys (see below) andassociated descrambling circuitry. This chip may be integrated withinthe recording device 41 or may be embodied in a SIM card or similarinsertable in a slot in the device.

In this embodiment, a particular title or piece of music (a song, set ofsongs, etc.) available to be recorded is scrambled prior to transmissionby a control word. In the same manner as for a television broadcast,scrambling is carried out using a control word which changes every 10-15seconds or so. Each control word (and other data, if desired) isencrypted using an encryption key Kt associated with the identity of thepiece of music, for example the title of the song concerned, so as toform a characteristic ECM message.

The audio data and associated ECM messages are sent cyclically by thetransmitter 6. That is, this data is broadcast continuously (or at leastat regular intervals) to a field of decoders. In the event that a userdecides to purchase this title, for example, by selecting the title froma menu of available titles using the decoder remote control, the decoder13 sends a message 51 to the access control server 15 and ciphering unit50. The message includes information relating to the title of the pieceof music, the identity of the recording device 41 that will be used torecord the data and the identity of the customer's decoder 13.

As described above, the ECM containing the control word needed todescramble the audio information is encrypted using a key associatedwith the title of the piece of music. The ciphering unit 50 possessesthe equivalent of the key Kt needed to decrypt the ECM message as wellas a key Ki associated with the identity of the mini disc reader and,more particularly, with the access control module 42 which possesses theequivalent decryption key. The key Kt (and other data, if desired) isencrypted by the key Ki and the resulting EMM message 52 sent via theserver 52 to the decoder 13.

The communication of identity of the decoder 13 to the server 15 is notneeded in the encryption/decryption process but may be used in theeventual billing to the customer of his purchase of his piece of music.

The EMM and the data to be recorded (as downloaded by the decoder fromthe MPEG broadcast stream) are sent via the bus 1394 to the minidisc/reader recorder 41. As will be appreciated, the EMM message, thedata to be recorded and the associated ECM are all sent in encrypted orscrambled form on the bus 40 and are unreadable to any third party notpossessing the keys Kt, Ki.

The data transmitted to the mini disc reader 41 are thereafter combinedat 47 and recorded on the disc 43 in the form shown in FIG. 4. Inparticular, each recording comprises a header 60 containing generalinformation regarding the recording, an EMM section 61 containing theEMM, and one or more sections 62 containing the scrambled audio datasegments each with the associated ECM containing the control wordnecessary to descramble the data.

As mentioned above, in this embodiment, the piece of music to berecorded is transmitted continuously in a transmission cycle. In orderto enable the decoder 13 to start downloading the piece at any time onceit has been selected by the user, the mini disc device 41 mayadditionally be supplied with a buffer type memory 46. The individualsegments making up the piece of music may be downloaded in any order(for example, starting in the middle of the piece) and thereafterre-arranged in the correct order to be recorded on the disc 43 in thecorrect order together with the EMM message as shown in FIG. 4.

When replaying the recording, the access control module will decrypt theEMM, using its equivalent of the key Ki, and thus obtain the equivalentof the key Kt associated with the encryption of the ECMs. Each ECM isthen decrypted with the equivalent key Kt to obtain the control wordneeded to descramble that segment of audio data. The algorithms used togenerate the keys Kt, Ki and their equivalent may correspond to anyknown symmetric algorithm such as, for example, DES. Alternatively, insome cases public/private key pairs such as are known from the RSAalgorithm may be used.

As mentioned above, in view of the relatively low data rate associatedwith audio information, all these operations, including the descramblingitself, may be carried out within a single chip. Alternatively, some orpart of the process may be carried out separately. For example, theaccess control module may simply supply a decrypted control word streamin association with the scrambled audio data to a separate descramblerunit.

The use of a control word adapted to change every 10-15 seconds is aconcept known from the field of television broadcasts. In the presentcase and given that the average length of a scrambled piece of music maybe only 3-4 minutes, the structure may be simplified, for example, tohave only a single control word and ECM for any given piece of music.

It is even possible to imagine a situation in which the use of an EMM isdispensed with and the server 15 sends in clear the key Kt necessary todecrypt a given piece of music in response to a request from thedecoder. For obvious reasons, the security of such a system would beextremely low, since all information needed to decrypt a piece of musicwould be present in clear in transmission or as recorded on the disc 43,and such an embodiment would deter only the most basic level of fraud.

As described, an EMM is requested by a command from the decoder 13 tothe server 15 and unit 15 and returned by the same modem channel. Aswill be appreciated, other communication channels may be used. Forexample, the user may command an EMM via the telephone or Minitel, andthe EMM may be generated and sent, for example, in the MPEG flow via thesatellite link.

The embodiment of FIGS. 3 and 4 relies on the principle of associationof a key Kt with a particular set of data or piece of music and thecommunication of this key for example in a specific EMM generated inresponse to a request. FIGS. 5 and 6 show an alternative embodiment,again using the cyclical transmission of the audio data, but based onthe principle of subscription together with the use of a number ofpredetermined credits.

In this embodiment, the connection between the decoder 13 and the server15 and unit 30 is not shown, since the mini disc reader 41 receives(upon connection to the decoder 13) a regularly transmitted EMM messagecontaining the exploitation key Ke needed to decode that month's ECMs(i.e. the ECMs associated with all the pieces transmitted during thatmonth) together with a number of credits. If unused, credits transmittedwith EMMs may be carried over from one month to the next.

In alternative embodiments, the credits may be loaded into the decoderor reader via a modem, telephone or Minitel connection, or even directlyusing an “electronic purse” chip-based device such as a smart card torecharge the credits.

Equally, whilst it is desirable for security reasons to have a changingmonthly exploitation key Ke, this may alternatively correspond to apredetermined fixed value known to all readers. In such an embodiment,there will be no need for a monthly EMM message.

In the case of a changing monthly exploitation key Ke, the key Ke isencrypted by the key Ki associated with a particular reader 41 to createan EMM. Upon connection to the decoder 13, the EMM message for thatmonth and associated with that reader 41 is recorded on the disk 43together with the ECM messages relating to the chosen piece of music andthe data. See FIG. 6, where the numeral 63 designates the EMM messagerecorded in this embodiment and 62 designates the data and associatedECM messages.

The transmission of an EMM assigned to a particular reader will ofcourse depend on the user having taken the necessary steps to purchasethe rights to download data for recordal. This may be handled, forexample, in a subscription system of the type described in relation toFIGS. 1 and 2, where the access control system 15 manages the list ofsubscribers or, more specifically, a list of decoders designated toreceive certain broadcast programs.

Upon replaying the recording, the access control module 42 decrypts theEMM using its equivalent key Ki, obtains the key Ke associated with theECM for recordings in that month and thereafter decrypts individual ECMmessages to obtain the control word to descramble each segrnent.

Since it is envisaged that many titles or pieces of music will be sentduring a given month, and that a user may not have unlimited rights torecord all titles, it may be necessary to use a credit system to monitorthe number of recordings that may be made and/or the number of times theor each recording may be replayed. As noted above, this may take theform of a number of credits stored in the reader and decremented eachtime the reader records a piece of music comprising the scrambled data,ECMs and EMM message on a disk. In addition, or alternatively, creditsmay be decremented each time a recording is replayed.

In addition to a credit system some means may also be provided to verifythat a reader has the rights to access a particular recording, since allrecordings for that month for that decoder will possess the same EMMheader. Whilst the presence of an EMM reader on the recording shouldnormally mean that the reader has paid for that recording, fraud may bepossible.

For example, it may be envisaged that a user records scrambled data,ECMs and EMMs in one valid and paid-for recording and thereafter “cutand pastes” the EMM header onto all other recordings for that month madewithout authorisation and simply comprising the scrambled data and ECMmessages. Since the exploitation key is constant during that month, thesame EMM header will work (at least for that reader) for all recordingsduring the month. The problem will be exacerbated in the case of aconstant unchanging exploitation key.

To overcome this potential problem, the device 41 may be adapted torecord in the access control module 42 further information regardingeach individual recording that has been purchased, for example, titledata or the like. This data may also be contained in one or more ECMstransmitted with the piece of music. Using an EEPROM memory of 4000bytes, the access control module 42 can stock information relating to upto 1000 recordings, and by comparing a title in the list to the titlecontained in an ECM on the recording decide upon playback whether arecording has been validly made.

Price information for the piece of music or programme may equally beincluded in the ECM. Again, this information may be used by the accesscontrol module 42 to manage the number of recordings that may be made bya given user. Alternatively or in addition, the credit system mayoperate on playback of a recording.

Whilst the embodiment of FIGS. 5 and 6 avoids the need to generate inreal-time a specific EMM in response to a user request, the memory spacerequirements of the access control module 42 may increase greatly ifdetailed lists of recordings purchased are stored in the reader. In analternative realisation, this information could be stored and managedwithin the decoder 13. If so, two sets of keys may be used; one toencrypt/decrypt EMM transmissions from the transmitter 6 to decoder 13,and one to re-encrypt EMM messages for subsequent routing to anddecryption by the recorder device 41.

Referring now to FIGS. 7 and 8, a simpler embodiment of the presentinvention will now be described. In this embodiment, a user who wishesto download and record a piece of music sends a request including thedisc reader ID, the title of the piece of music and the decoder ID to aserver 15. This request may be effected, for example, via the modern ofthe decoder 23. Equally, a request may be sent using a phone 48 orminitel 49.

Unlike previous embodiments, the piece of music is not broadcastcyclically but, instead, is only broadcast in response to an instructionfrom the server 15 to the transmitter 6. The transmitter scrambles thedata prior to transmission with a changing control word and encryptseach control word (and other data, if desires) with a key Ki associatedwith the reader ID or, more specifically, the access control module 42,to prepare a user specific ECM. As before, the decoder ID is merely usedfor the purpose of billing the user.

In this embodiment, the information to be recorded on the disk 43 isconsiderably reduced, as shown in FIG. 8, and comprises simply a header60 and a series of ECMs 64. Upon reading a recording, the access controlmodule 42 uses its equivalent of the key Ki to decode each ECM and toobtain the control word needed to decode each data segment associatedwith the ECM.

What is claimed is:
 1. A system for transmission and recording ofdigital data, comprising: a transmission means adapted to prepare andtransmit at least one control word encrypted by a first key togetherwith digital data scrambled by that control word; a digital recordingdevice adapted to receive and record on a digital support thetransmitted scrambled digital data together with the encrypted controlword, the digital recording device including an access control unitadapted to decrypt the encrypted control word and thereafter descramblethe scrambled digital data during playback, wherein said access controlmodule comprises a credit unit adapted to control a number of recordingsmade by the digital recording device.
 2. A system as claimed in claim 1in which the access control unit is incorporated in a discrete moduleinsertable in the recording device to permit decryption and descramblingof the recorded data upon playback.
 3. A system as claimed in claim 1further comprising a separate receiver/decoder adapted to receive thetransmitted digital data and encrypted code word and to communicate thisinformation to the recording device for subsequent recordal.
 4. A systemas claimed in claim 1 in which the transmission means is adapted torepetitively transmit the scrambled digital data and encrypted codeword.
 5. A system as claimed in claim 1 in which the control word forthe data is encrypted by a first key associated with the identity of thedata being transmitted.
 6. A system as claimed in claim 5 in which thefirst key is encrypted by a second key before communication to theaccess control unit.
 7. A system as claimed in claim 5 furthercomprising a key encryption apparatus adapted to encrypt the equivalentfirst key by a second key before communication to recording device, theaccess control unit possessing an equivalent of the second key so as topermit the decryption of the first key and, thereafter, the decryptionof the control word and subsequent descrambling of the transmitted data.8. A system as claimed in claim 7, further comprising a receiver/decoderunit adapted to request a first key from the key encryption apparatus,the key encryption apparatus thereafter communicating the encryptedfirst key to the receiver/decoder for subsequent communication to therecording device and access control module.
 9. A system as claimed inclaim 1, the access control module comprising a credit unit forcontrolling the number of times a recording is played.
 10. A system asclaimed in claim 1 in which the same first key is used to encrypt thecontrol word or words associated with a plurality of sets of data.
 11. Asystem as claimed in claim 1 in which the first key is repetitivelytransmitted by the transmission means in a message encrypted by a secondkey.
 12. A system as claimed in claim 11, in which the message sent bythe transmission means containing the encrypted first key also containscredit information intended for a credit unit within the access controlmodule.
 13. A system as claimed in claim 1 in which the transmissionmeans responds to a real-time request to transmit the scrambled digitaldata and encrypted control word.
 14. A system as claimed in claim 13 inwhich the control word is directly encrypted by a first key associatedwith the identity of the access control unit, the access control unitpossessing an equivalent of the key to permit the decryption of thecontrol word and subsequent descrambling of the data.
 15. A system asclaimed in claim 1 in which the transmission means is adapted totransmit audio data.
 16. A system as claimed in claim 15 in which therecording device comprises a mini disc recorder adapted to includeaccess control means.
 17. A recording device for use in the system asclaimed in claim 1, adapted to record scrambled data and an associatedencrypted control word and comprising an access control means adapted todecrypt the recorded control word and descramble data upon playback. 18.A system for transmission and recording of digital data as claimed inclaim 1, wherein said encrypted control word is transmitted withinentitlement control messages and wherein said access control modulecontrols the number of recordings made by the digital recording deviceas a function of price information included in said entitlement controlmessages.
 19. A method of transmission and recordal of digital data,comprising: preparing and transmitting digital data together with atleast one control word using a transmission means; recording thetransmitted scrambled data and encrypted control word on a digitalsupport using a digital recording device, the digital recording devicecomprising an access control means; decrypting the encrypted controlword and thereafter descramble the scrambled digital data duringplayback using the access control means, wherein said access controlmodule comprises a credit unit for controlling a number of recordingsmade by the digital recording device.